Single Sign-On with Auth0 in Sitecore

In a recent article I explained the importance of Single Sign-On (SSO) authentication on today’s websites, and now I would like to share a practical example.

This blog post will teach you how to set up the Auth0 identity management platform and integrate it with your Sitecore sites.

Integration approach

There are two common ways to implement authentication for a Sitecore application with Auth0:

  • Universal Login – when users register and log in to the Sitecore site through a form entirely hosted by Auth0;
  • Embedded Login – when the Sitecore site is entirely responsible for the registration and login via Auth0 API.

Universal Login is more secure than Embedded Login, is safe and easy to implement, and is the option recommended by Auth0.

Following Auth0’s recommendation, I use the Universal Login option with a New Lock template, read more here. This approach allows me to get most of the out-of-the-box features, specifically registration and login with social accounts, and supports some styling and customisation to make it look like my Sitecore layout.

A typical integration flow between Auth0 and Sitecore consists of the following steps:

Integration steps between Sitecore and Auth0

  1. Sitecore sends a POST request to Auth0 for registration / login and sets an ASP.NET_SessionId cookie;
  2. Auth0 serves the registration / login request, sets an auth0 cookie that stores a session reference in Auth0, and makes a callback redirect to Sitecore passing an authentication Id Token;
  3. Sitecore processes the redirect request executing a number of tasks such as:

  • Id Token validation;
  • Creation of a Virtual User object in memory;
  • Mapping of Claims from Id Token to Sitecore User Profile including the additional fields.
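
The Id Token validation and claim mapping from step 3, sketched in C# as an added example (it is not code from this article, Auth0 or Sitecore). It assumes the System.IdentityModel.Tokens.Jwt NuGet package, an RS256-signed token and a nonce sent with the login request; the issuer, client id, locally generated RSA key and profile dictionary are constructed stand-ins for the tenant's values, its published signing key and the Sitecore User Profile.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static class IdTokenDemo
{
    // Constructed values; real ones come from the Auth0 application settings.
    const string Issuer = "https://tenant.example.auth0.com/";
    const string ClientId = "constructed-client-id";

    // Checks signature, issuer, audience, expiry and nonce; throws on any failure.
    public static ClaimsPrincipal Validate(string idToken, SecurityKey key, string expectedNonce)
    {
        var handler = new JwtSecurityTokenHandler();
        handler.InboundClaimTypeMap.Clear(); // keep OIDC claim names (sub, email, ...)
        var principal = handler.ValidateToken(idToken, new TokenValidationParameters
        {
            ValidIssuer = Issuer,       // token must come from our tenant
            ValidAudience = ClientId,   // and be issued for this application
            IssuerSigningKey = key,
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 } // no "none", no HS256
        }, out _);
        if (principal.FindFirst("nonce")?.Value != expectedNonce)
            throw new SecurityTokenException("nonce does not match the login request");
        return principal;
    }

    // Copies only allow-listed claims; the dictionary stands in for the Sitecore profile.
    public static Dictionary<string, string> MapProfile(ClaimsPrincipal principal)
    {
        var profile = new Dictionary<string, string>();
        foreach (var name in new[] { "sub", "email", "name" })
            if (principal.FindFirst(name) is Claim c) profile[name] = c.Value;
        return profile;
    }

    public static void Main()
    {
        var key = new RsaSecurityKey(RSA.Create(2048)); // constructed key, plays the tenant's signing key
        var claims = new[] { new Claim("sub", "auth0|constructed"),
            new Claim("email", "user@example.com"), new Claim("nonce", "n-123") };
        string Issue(string aud) => new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
            Issuer, aud, claims, expires: DateTime.UtcNow.AddMinutes(5),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.RsaSha256)));
        Console.WriteLine(string.Join(", ", MapProfile(Validate(Issue(ClientId), key, "n-123"))));
        try { Validate(Issue("another-client"), key, "n-123"); } // token minted for a different app
        catch (SecurityTokenException e) { Console.WriteLine("rejected: " + e.GetType().Name); }
    }
}
```

Only the claims that pass the allow-list reach the profile, so an unexpected claim in the token cannot overwrite other profile fields.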

To be continued...
